Voilà! An authentication URL. Point your application user at this URL, and Remember The Milk will:

Ask them to login with their Remember The Milk credentials, if they're not already logged in, and then...

Ask them if they wish to give your application access to their account (with the permissions you asked for).

If the user authorizes your application, they are then redirected to your callback URL with a frob parameter, like so:

http://www.example.com/rtm.php?frob=456abc123xyz987opq

Your application should now make a call to rtm.auth.getToken with a frob parameter as passed to the callback URL. You'll get back an <auth> element with a token (you use this as the auth_token parameter for all further authenticated API calls) and some user information, like so:

User authentication for desktop applications

Desktop application authentication is pretty much identical to the above, but, instead of being redirected to a callback URL with a frob, we first make a call to rtm.auth.getFrob and pass the result as a frob parameter in our authentication URL.

So, first of, we call rtm.auth.getFrob, and it returns a <frob> element:

Voilà! An authentication URL for desktop applications. Point your application user at this URL, and Remember The Milk will:

Ask them to login with their Remember The Milk credentials, if they're not already logged in, and then...

Ask them if they wish to give your application access to their account (with the permissions you asked for).

If the user authorizes your application, they are then instructed to return to your application so that the authorization process may be completed.

Your application should now make a call to rtm.auth.getToken with a frob parameter (the one you received from rtm.auth.getFrob). You'll get back an <auth> element with a token (you use this as the auth_token parameter for all further authenticated API calls) and some user information, like so: